This section describes how to simulate the NMS to obtain inventory files in SFTP mode using the OSMU. According to the obtained inventory file, you can check whether the northbound inventory file interface meets the conditions for interconnecting with the NMS.
2.1 Checking License (Inventory File Interface)
Before interconnecting the U2000 to the NMS, make sure that the NMS is licensed to use the northbound inventory file interface.
Do as follows to check that the NMS has the required license:
1. Log in to the U2000 client.
2. Choose License > OSS License Management > License Information (traditional style). Alternatively, double-click System Management in Application Center and choose License Management > License Information (application style). The License Information window is displayed.
3. Click the Resource Control Item tab. If Resource contains Inventory File Interface, the NMS is authorized to use the inventory file interface.
2.2 Negotiating the Interconnection Parameters for the Inventory File Interface
Before interconnecting the U2000 to the NMS, you need to check the license of the inventory file interface and negotiate the interconnection parameters for the inventory file interface. The inventory file is exported according to the negotiated parameters.
Negotiating the Interconnection Parameters
The interconnection parameters for the inventory file interface include the user name and password for the NMS to log in to the U2000, the start time and format of the exported file, and the fields in the exported file. Table 2-1 lists an example of a group of inventory file interface parameters. The following interconnection operations take this example as a reference.
Table 2-1 Example of interconnection parameters
| Parameter Type | Parameter | Parameter Value | Description |
|---|---|---|---|
| User | User Name | ftpuser | This parameter is not modifiable. |
| User | Password | The default password is Changeme_123 | To improve system security, change the default database password upon first login and periodically change the password. The password change interval can be customized as required. |
| Format | Start Time | 10/11/2008 19:40:00 | This parameter is modifiable on the U2000 client. |
| Format | Export Period | 1 | The minimum unit is day. This parameter can be modified on the U2000 client. |
| Format | File Format | XML | This parameter is modifiable on the U2000 client. |
Negotiating File Transfer Mode
The U2000 and the NMS need to negotiate whether PUSH or PULL is used, and whether FTP or SFTP is used. You can then prepare for the interconnection according to the negotiated results by referring to Table 2-2.
NOTICE
SFTP is recommended because it is more secure than FTP.
Table 2-2 Guidance for setting file transfer
| Mode | FTP | SFTP |
|---|---|---|
| PUSH: the U2000 automatically uploads files | For details, see Step 7 of 2.5.1 Configuring the | For details, see 2.5.1 Configuring the SFTP for Actively Transferring Files over the Northbound Interface (Public and Private Keys) or 2.5.2 Configuring the SFTP for Actively Transferring Files over the Northbound Interface (Password Authentication). |
| PULL: the NMS directly obtains files | If you use FTP to transfer files, enable FTP by referring to the section "Configuring the FTP Transmission Policy" described in the corresponding U2000 Administrator Guide. | The U2000 uses SFTP to transfer files by default. |
2.3 Modifying the Inventory Export Configuration File
This section describes how to modify the inventory export configuration file.
Prerequisites
You have logged in to the U2000 server as user ossuser.
Context
The inventory export configuration file is /opt/oss/server/etc/CMServer/Inventory/InvtExportPara.xml. To customize the naming convention of exported inventory management files or set whether to record the collection time of inventory files, you have to modify the configuration file. Currently, only NE-based inventory management file export supports collection time recording. MOC-based export does not support this function.
Perform the following steps on the server where CMServer is deployed. To check whether CMServer is deployed on a server, run the following commands:
> . /opt/oss/server/svc_profile.sh
> svc_adm -cmd status | grep CMServer
The following information means CMServer is deployed on the server:
CMServer [running ]
You can modify the parameters of the northbound configuration file either by running commands or by using the OSMU. For details about the operations performed on the OSMU, see 4.7 How to Set Parameters in a Northbound Configuration File.
Procedure
Step 1 Run the following command to open the configuration file InvtExportPara.xml:
$ vi /opt/oss/server/etc/CMServer/Inventory/InvtExportPara.xml
The configuration file contains the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<IMExpPara>
<DisCreditableRule Name="Synchronize DisCreditable Data" Value="false" />
<FileSaveDay Name="Export file saving days" Value="3"/>
<SyncRule Name="SyncTimeLatest" Value="false" />
<AlignRule Name="All align with MML,Unify to Cabinet No./Subrack No./Slot No." Value="true" />
</IMExpPara>
Step 2 Modify the InvtExportPara.xml file.
● Customize the export file name:
Add the export file naming rule to <IMExpPara>...</IMExpPara>. For example,
<FileNameRule Name="IM Export File naming rule"
Value="[IM]_[ExportTime]_[NeName]-[NeIP]-[NodeId].exp1234"/>
● Set the collection time switch:
Set Value of SyncTimeLatest to true or false. If you set Value to true, the collection time switch is enabled, and the collection time will be recorded in the inventory export file. If you set Value to false, the collection time switch is disabled, and the collection time will not be recorded.
● Set the attribute display switch of the inventory file:
Set Value of All align with MML,Unify to Cabinet No./Subrack No./Slot No. to true or false.
● Set the file storage time switch:
Set Value of Export file saving days to a specific value (such as three days) as required.
● Set whether to export untrusted inventory data:
Set Value of Synchronize DisCreditable Data to true or false as required to set whether untrusted data reported by NEs is saved to the database and exported over the northbound interface.
| Old MOC Name | New MOC Name, Switch Disabled (Value="false") | New MOC Name, Switch Enabled (Value="true") |
|---|---|---|
| Rack | Rack | Cabinet |
| Frame | Frame | Subrack |
| MBTSRack | MBTSRack | MBTSCabinet |
| MBTSFrame | MBTSFrame | MBTSSubrack |
| BSCFrame | BSCFrame | BSCSubrack |
| BSCBTSFrame | BSCBTSFrame | BSCBTSSubrack |

| Old Attribute Name | New Attribute Name, Switch Disabled (Value="false") | New Attribute Name, Switch Enabled (Value="true") |
|---|---|---|
| RackNo | RackNo | CabinetNo |
| FrameNo | FrameNo | SubrackNo |
NOTE
By default, the switch is enabled for a newly installed V200R013 and later versions, and is disabled for V200R013 and later versions after an upgrade.
Step 3 Press Esc and run the :wq! command to save the modification and exit the vi editor.
Step 4 Run the following command to restart the CMServer service:
$ . /opt/oss/server/svc_profile.sh
$ svc_adm -cmd restartsvc CMServer
----End
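The edits in Step 2 can also be made without opening vi, with the new value validated and a backup kept before the file is changed. This is an added example, not part of the original guide: set_export_param and get_export_param are hypothetical helper names, the .bak backup is an assumption, and the demo runs on a scratch copy holding the file contents shown in Step 1.

```shell
#!/bin/sh
# Added example, not from the original guide. Helper names and the .bak backup
# are assumptions; the demo works on a scratch copy, not the live file.

# set_export_param FILE ELEMENT VALUE   (returns 1 when the input is rejected)
set_export_param() {
    file=$1; elem=$2; val=$3
    case $elem in
        DisCreditableRule|SyncRule|AlignRule)
            case $val in true|false) ;; *) echo "$elem takes true or false" >&2; return 1 ;; esac ;;
        FileSaveDay)
            case $val in ''|*[!0-9]*|0*) echo "FileSaveDay takes a positive integer" >&2; return 1 ;; esac ;;
        *) echo "unknown element $elem" >&2; return 1 ;;
    esac
    # The element must occur exactly once, otherwise the edit is ambiguous.
    [ "$(grep -c "<$elem " "$file")" -eq 1 ] || { echo "$elem not found exactly once" >&2; return 1; }
    # Keep the previous version, then rewrite only the Value on that element's line.
    cp -p "$file" "$file.bak" || return 1
    sed "/<$elem /s/Value=\"[^\"]*\"/Value=\"$val\"/" "$file.bak" > "$file"
}

# get_export_param FILE ELEMENT: print the current Value of that element
get_export_param() {
    sed -n "/<$2 /s/.*Value=\"\([^\"]*\)\".*/\1/p" "$1"
}

# Demo on a scratch copy of the file contents shown in Step 1.
d=$(mktemp -d)
cat > "$d/InvtExportPara.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<IMExpPara>
<DisCreditableRule Name="Synchronize DisCreditable Data" Value="false" />
<FileSaveDay Name="Export file saving days" Value="3"/>
<SyncRule Name="SyncTimeLatest" Value="false" />
<AlignRule Name="All align with MML,Unify to Cabinet No./Subrack No./Slot No." Value="true" />
</IMExpPara>
EOF
set_export_param "$d/InvtExportPara.xml" SyncRule true
echo "SyncRule=$(get_export_param "$d/InvtExportPara.xml" SyncRule)"
rm -rf "$d"
```

The CMServer restart in Step 4 is still required after the file has been changed.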
2.4 Setting an Inventory Export Task
This section describes how to set an automatic inventory export task on the U2000 client.
Procedure
Step 1 Choose Maintenance > Task Management (traditional style); alternatively, double-click System Management in Application Center and choose Task Schedule > Task Management (application style). The Task Management window is displayed.
Step 2 Choose File Interface > Inventory Data Export from the navigation tree in the left pane.
The task records are displayed.
Step 3 Double-click the task record to open the Attribute dialog box. Set relevant parameters by referring to Table 2-3.
Table 2-3 An example of setting parameters
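| Tab Page | Parameter | Parameter Value |
|---|---|---|
| Common Parameters | Task Name | Inventory Data Export |
| Common Parameters | Start Time | 10/11/2008 19:40:00 |
| Common Parameters | Period | One day |
| Extended Parameters | File Format | XML |
| Extended Parameters | NE | For example, BTS3900 WCDMA |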
Step 4 Click OK. The setting of automatic export is complete.
----End
2.5 (Optional) Configuring the U2000 for Actively Uploading Files over the Northbound Interface
The U2000 can actively upload files to the NMS over the northbound interface. You can use either method to configure the U2000 for actively uploading files to the NMS over the northbound interface.
2.5.1 Configuring the SFTP for Actively Transferring Files over the Northbound Interface (Public and Private Keys)
When the U2000 server actively uploads files to the NMS over the northbound interface, the U2000 server functions as an FTP client and the NMS functions as an FTP server. To ensure data security during file transmission, you can set the SFTP encryption mode. If the U2000 server is upgraded to V200R015C00 or a later version, reconfigure the SFTP for actively transferring files over the northbound interface according to this chapter.
Prerequisites
● Use PuTTY to log in to the U2000 server in SSH mode as user ossuser. For an HA system, you have logged in to the active and standby servers. For a remote HA system, you have logged in to the active and standby servers. For an SLS system, you have logged in to all servers.
● You have logged in to the NMS server as user UserA.
UserA is the NMS server user. Replace it as required.
Context
● To set up an SFTP connection using public or private key authentication, save the U2000 server's public key file in the authorized_keys file of the related NMS server user. The system performs authentication using the U2000 server's private key and the U2000 server's public key stored on the NMS server. After the authentication is successful, the SFTP connection is set up successfully. The U2000 server is not required to provide the NMS login password.
● The public and private key authentication files can be encrypted or not. For encrypted public and private key authentication files, set the password. If you forget the password, all public and private key authentication files must be generated again, and the new files will replace the existing files.
● Unless otherwise specified, perform the following operations on each server:
NOTE
● XFTPService0X01 indicates the XFTP service name of the U2000 server. Replace it as required.
● For a single-server system, the XFTP service name is XFTPService0101. For an HA system, the service is deployed on the active server. The service name is XFTPService0101. For a remote HA system, the service is deployed on the active and standby servers. The service name is XFTPService0101. For an SLS system, the service is deployed on the master and slave servers. The service name for the master server is XFTPService0101. The service name for the first slave server is XFTPService0201. The service name for the second slave server is XFTPService0301. This method applies to other service names of other servers.
● When the XFTP service uploads files in FTP mode:
– If the northbound server runs the Linux or Unix operating system, use the vsftpd software whose version is 2.0.5 or later.
– If the northbound server runs the Windows operating system, use the ftpserver service delivered with the system.
NOTICE
● In an SLS system, you need to perform the following steps only on the master and slave servers.
● In an HA or remote HA system, you need to perform the following steps only on the active server.
● In an ATAE cluster online remote HA system, you need to perform the following steps on the master server at both active site and standby sites. In a VM cluster system, you need to perform the following steps on the master server at the active site.
Procedure
Step 1 Generate public and private key files on the U2000.

| If You Need to... | Then... |
|---|---|
| Generate encrypted public and private key files | Only perform Step 1.1 to Step 1.4. |
| Generate non-encrypted public and private key files | Only perform Step 1.5 to Step 1.8. |
1. Run the following command on the U2000 server to check whether the .ssh directory exists in the home directory.
$ cd /export/home/omc/.ssh/
– If No such file or directory is displayed, the .ssh directory is unavailable in the home directory. Perform Step 1.3 after running the following command:
$ mkdir -p /export/home/omc/.ssh/
$ cd /export/home/omc/.ssh/
– If no command result is displayed, the .ssh directory is available in the home directory. Perform Step 1.2.
2. Run the following command to check whether the id_rsa_pwd.pub file exists.
$ ls id_rsa_pwd.pub
– If the system displays id_rsa_pwd.pub: No such file or directory, perform Step 1.3 to create a public key file.
– If the system displays id_rsa_pwd.pub, perform Step 2.
3. Run the following command to create encrypted public and private key files.
$ . /opt/oss/server/rancn/bin/ssh-keygen.sh
If the system displays the following message, enter 1 to create encrypted public and private key files.
---Please select an operation type:
1--Generate PubKey File with Encrypt Key.
2--Generate PubKey File without Encrypt Key.
---Please make a choice : 1
If the system displays the following message, enter /export/home/omc/.ssh/id_rsa_pwd.
Generating public/private rsa key pair.
Enter file in which to save the key (/export/ossuser/.ssh/id_rsa):
If the following message is displayed, enter the password twice. When $ is displayed, the encrypted public key file is generated.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
NOTICE
– Keep the password for future use. If the password is lost, all public and private key files must be generated again, and the new files will replace the existing files.
– The password can contain 8 to 30 characters, including lowercase letters a to z, uppercase letters A to Z, digits 0 to 9, and special characters ]@%-=_.}{. To improve password security, please use the following password policies:
■ The password contains at least one uppercase letter.
■ The password contains at least one lowercase letter.
■ The password contains at least one digit.
■ The password contains at least one special character.
4. Run the following commands to modify permission of the public key file.
$ cd /export/home/omc/.ssh/
$ chmod 600 id_rsa_pwd.pub
5. Run the following command on the U2000 server to check whether the .ssh directory exists in the home directory.
$ cd ${HOME}/.ssh/
– If No such file or directory is displayed, the .ssh directory is unavailable in the home directory. After running the following command, perform Step 1.7.
$ mkdir -p ${HOME}/.ssh/
– If no command output is displayed, the .ssh directory is available in the home directory. Perform Step 1.6.
NOTE
The ${HOME} parameter indicates the home directory of user ossuser.
6. Run the following command to check whether the id_rsa file exists.
$ ls id_rsa
– If the system displays id_rsa: No such file or directory, perform Step 1.7 to create public and private key files.
– If the system displays id_rsa, perform Step 2.
7. Run the following command to create non-encrypted public and private key files.
$ . /opt/oss/server/rancn/bin/ssh-keygen.sh
If the system displays the following message, enter 2 to create non-encrypted public and private key files.
---Please select an operation type:
1--Generate PubKey File with Encrypt Key.
2--Generate PubKey File without Encrypt Key.
---Please make a choice : 2
If the system displays information similar to the following, the non-encrypted public key file has been created successfully:
Generating public/private rsa key pair.
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
8. Run the following commands to modify permission of the public key file.
$ cd ${HOME}/.ssh/
$ chmod 600 id_rsa.pub
Step 2 Enable public key authentication on the NMS.
1. Log in to the NMS server as user UserA. Run the cd ${HOME}/.ssh/ command to check whether the .ssh directory exists in the home directory.
– If No such file or directory is displayed, the .ssh directory is unavailable in the home directory. After running the mkdir -p ${HOME}/.ssh/ command, perform Step 2.2.
– If no command result is displayed, the .ssh directory is available in the home directory. Perform Step 2.2.
NOTE
The ${HOME} parameter indicates the home directory of user UserA.
2. Run the ls authorized_keys command to check whether the authorized_keys file exists.
– If the system displays authorized_keys: No such file or directory, run the touch authorized_keys command to create the authorized_keys file. Then, perform Step 2.3.
– If the system displays authorized_keys, proceed to Step 2.3.
3. Copy the content of the id_rsa.pub or id_rsa_pwd.pub file on the U2000 server to the authorized_keys file on the NMS server.
NOTICE
– For a non-encrypted public key file, copy the id_rsa.pub file's content.
If the id_rsa.pub file does not exist, copy the ${HOME}/.ssh/authorized_keys file's content on the U2000 server.
– For an encrypted public key file, copy the id_rsa_pwd.pub file's content.
a. Run the cat id_rsa.pub or cat id_rsa_pwd.pub command on the U2000 server.
The content of the id_rsa.pub or id_rsa_pwd.pub file is displayed.
b. Run the vi command on the NMS server to write the content of the id_rsa.pub or id_rsa_pwd.pub file into the authorized_keys file.
NOTICE
– The content to be written into the authorized_keys file cannot contain any line feed.
If any line feed exists, delete it.
– If the authorized_keys file contains any other data, perform a line feed operation.
Then, write the content.
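The copy in Step 2.3 can also be scripted so that the two NOTICE rules are enforced rather than checked by eye. The following is an added example, not part of the original guide: the function name install_pubkey, its return codes and the sample key text are assumptions, and it rejects a key that contains line feeds instead of deleting them.

```shell
#!/bin/sh
# Added example, not from the original guide. Key text and paths are constructed.
# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
#   returns 0 = key appended, 1 = input rejected, 2 = key already present
install_pubkey() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Strip CRs and blank lines; what remains must be exactly one line.
    key=$(tr -d '\r' < "$pub" | sed '/^[[:space:]]*$/d')
    [ -n "$key" ] || { echo "$pub is empty" >&2; return 1; }
    nlines=$(printf '%s\n' "$key" | wc -l | tr -d ' ')
    if [ "$nlines" -ne 1 ]; then
        echo "$pub has line feeds inside the key; copy it again as one line" >&2
        return 1
    fi

    # Accept only a public key line (type, base64 blob, optional comment).
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2; return 1 ;;
    esac

    dir=$(dirname "$auth")
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; }
    [ -e "$auth" ] || touch "$auth"
    chmod 600 "$auth"

    # Skip the append when the same key blob is already authorized.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 2
    fi

    # If existing data does not end with a line feed, add one first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed ossuser@u2000\n' > "$demo_dir/id_rsa.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexisting other@host' > "$demo_dir/authorized_keys"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys"
echo "status=$? entries=$(grep -c . "$demo_dir/authorized_keys")"
rm -rf "$demo_dir"
```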
4. Run the vi command to modify the /etc/ssh/sshd_config file and configure SFTP parameters on the NMS server.
# su - root
Password: Password of user root
# vi /etc/ssh/sshd_config
Table 2-4 lists the parameters to be configured.
Table 2-4 Parameters to be configured for the SFTP
| Parameter | Value |
|---|---|
| RSAAuthentication | yes |
| PubkeyAuthentication | yes |
| AuthorizedKeysFile | .ssh/authorized_keys |
| PasswordAuthentication | yes/no. This parameter specifies whether the password authentication is used when the authentication of the public key and private key fails. You are advised to set this parameter to yes. – yes: password authentication is used. – no: password authentication is not used. |
| MaxStartups | Number of concurrent connections. The calculation method is as follows: |
1. Run the following command to query the number of the SFTP tasks deployed on the U2000 server:
■ If the installed U2000 server software is a Chinese edition, run the following command:
# vi /opt/oss/server/etc/XFTPService/locale/zh_CN/TaskInfoCache.xml
■ If the installed U2000 server software is an English edition, run the following command:
# vi /opt/oss/server/etc/XFTPService/locale/en_US/TaskInfoCache.xml
...
<ftpset>
<dest>10.10.10.10</dest>
<localpath...
<localpath...
</ftpset>
...
The preceding command output is used as an example.
10.10.10.10 indicates the IP address of the northbound server, and each localpath value corresponds to a task.
Record the number of tasks and enter :q! to exit the vi editor.
2. Run the following command to query the number of threads occupied by the SFTP tasks:
# cat /opt/oss/server/etc/XFTPService/ModuleParam.xml |grep TaskThreadNum
<param name="TaskThreadNum">10</param>
The preceding command output is used as an example. 10 indicates the number of threads occupied by the SFTP tasks. Record the number of threads.
3. The number of concurrent connections is obtained by multiplying the number of tasks by the number of occupied threads.
NOTE
If you change the number of SFTP tasks, you must change the number of concurrent connections at the same time.
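The MaxStartups calculation above (tasks multiplied by TaskThreadNum) can be scripted and compared with the value currently set in sshd_config. This is an added example, not part of the original guide: the function names are hypothetical, the sample files are constructed, and the complete `<localpath>` element form and the counting of tasks per `<dest>` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. File contents below are constructed;
# the <localpath> element form and per-<dest> filtering are assumptions.

# count_tasks TASKINFO_XML NMS_IP: localpath entries in <ftpset> blocks for that NMS
count_tasks() {
    awk -v ip="$2" '
        /<ftpset[ >]/  { inset = 1; hit = 0; n = 0 }
        inset && index($0, "<dest>" ip "</dest>") { hit = 1 }
        inset          { n += gsub(/<localpath[ >]/, "&") }
        /<\/ftpset>/   { if (hit) total += n; inset = 0 }
        END            { print total + 0 }
    ' "$1"
}

# thread_num MODULEPARAM_XML: value of TaskThreadNum
thread_num() {
    sed -n 's/.*<param name="TaskThreadNum">\([0-9][0-9]*\)<\/param>.*/\1/p' "$1" | head -n 1
}

# required_max_startups TASKINFO_XML MODULEPARAM_XML NMS_IP: tasks x threads
required_max_startups() {
    tasks=$(count_tasks "$1" "$3")
    threads=$(thread_num "$2")
    [ -n "$threads" ] || { echo "TaskThreadNum not found in $2" >&2; return 1; }
    echo $((tasks * threads))
}

# configured_max_startups SSHD_CONFIG: first MaxStartups value (the "start"
# field when written as start:rate:full); prints nothing if the keyword is unset
configured_max_startups() {
    awk 'tolower($1) == "maxstartups" { split($2, a, ":"); print a[1]; exit }' "$1"
}

# Demo on constructed files.
d=$(mktemp -d)
cat > "$d/TaskInfoCache.xml" <<'EOF'
<tasks>
 <ftpset>
  <dest>10.10.10.10</dest>
  <localpath>/constructed/export/a</localpath>
  <localpath>/constructed/export/b</localpath>
 </ftpset>
 <ftpset>
  <dest>10.10.10.20</dest>
  <localpath>/constructed/export/c</localpath>
 </ftpset>
</tasks>
EOF
echo '<param name="TaskThreadNum">10</param>' > "$d/ModuleParam.xml"
printf '#MaxStartups 10:30:100\nMaxStartups 10\n' > "$d/sshd_config"
need=$(required_max_startups "$d/TaskInfoCache.xml" "$d/ModuleParam.xml" 10.10.10.10)
have=$(configured_max_startups "$d/sshd_config")
echo "required=$need configured=$have"
rm -rf "$d"
```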
5. Perform the following operations on the NMS server to check the SFTP service status.